California HR Individuals Privacy Notice

Last Updated: March 2024

Path CCM, Inc. d/b/a Rula Health (“Rula”) takes your privacy seriously.  SUD Specialty Group – CA, Mental Health Specialty Group, P.A., Mental Health Specialty Group NJ, PC, and Mental Health Specialty Group KS, P.A. (collectively, “Group”) contracts with Rula for management and administrative support services.  Each entity within the Group and Rula are referenced herein, collectively, as “Company”.  We want you to know how we collect, use, and disclose, your personal information.  

California Notice at Collection:  Company collects the personal information identified in Section 1 for the purposes identified in Section 3 and retains it for the period described in Section 5. We do not sell your personal information or disclose it for cross-context behavioral advertising (“sharing”).  We also do not collect or process sensitive personal information for the purpose of inferring characteristics about you. To the extent you provide Company with personal information about your dependents, spouse, beneficiaries, or emergency contacts, you are responsible for providing this notice to them.

Assistance For The Disabled

Company complies with the ADA, the ADAAA and applicable state law and considers reasonable accommodation measures that may be necessary for qualified applicants/employees to perform the essential functions of the job. Hire may be contingent upon a post-offer medical examination, and to skill and agility tests, as appropriate for the position.

This Privacy Policy explains: 

1. The categories of personal information we collect about you
2. The categories of sources from which we collect your personal information
3. The purposes for which we use your personal information  
4. How we may disclose your personal information
5. How long we keep your personal information
6. Changes to this Privacy Policy 

Scope:

This Privacy Policy applies to the personal information of California residents who are (a) employees, (b) independent contractors, interns, volunteers and other individuals who perform work for Company (collectively “Non-Employee Workers”), or (c) employees’ and Non-Employee Workers’ dependents, emergency contacts, and beneficiaries (“Related Contacts”), (all collectively, “HR Individuals”) in their role as HR Individuals.   This Privacy Policy informs HR Individuals about the categories of personal information Company has collected about them in the preceding twelve months as well as the categories of personal information that the Company will collect about HR individuals in the future.

Except where the Privacy Policy specifically refers only to a specific category of HR Individuals, e.g., employees, this Privacy Policy refers to all categories of HR Individuals collectively. 

“Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular HR Individual.

“Personal information” does not include:

• Information publicly available from government records or made publicly available by you or with your permission;
• Deidentified or aggregated information;
• Information excluded from the CPRA’s scope, such as:
  • Protected health information covered by the Health Insurance Portability and Accountability Act (“HIPAA”) or the Health Information Technology for Economic and Clinical Health Act (“HITECH”) or medical information covered by California Confidentiality of Medical Information Act (“CMIA”); or
  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act (“GLBA”), or the California Financial Information Privacy Act (“FIPA”). CMIA”); or
  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act (“GLBA”), or the California Financial Information Privacy Act (“FIPA”).

1.  THE CATEGORIES OF PERSONAL INFORMATION WE COLLECT ABOUT YOU

We may collect the following categories of personal information.  Not all categories may be collected about every HR Individual. For example, some of the below categories may only apply to Employees and not Non-Employee workers, while other categories apply to both Employees and Non-Employee workers.

• Identifiers, for example: real name, alias, telephone number, postal address, e-mail address, signature, bank account name and number for direct deposits, health care provider identifiers, credentialing information, Social Security number for example for tax purposes, driver’s license number, and photographs. 
• Professional or Employment-Related Information, for example: educational institutions attended, degrees and certifications, licenses, work experience and previous employers, professional memberships and affiliations, union representation, seniority, training, employment start and ending dates, and job title.
• Compensation and Benefits Information for Employees, for example: salary, bonus and commission, equity compensation information, hours and overtime, leave information, bank details (for payroll and reimbursement purposes only), benefits in which you may be enrolled, identifying information for dependents and beneficiaries, and amounts paid to Non-Employee Workers for services rendered.
• Commercial Information, for example: business travel and expense records.   
• Internet or Other Electronic Network Activity Information, for example: Internet browsing and search history while using Company’s network, log in/out and activity on Company’s electronic resources, interactions with Company’s Internet web site, application, or advertisement, and publicly available social media activity.
• Sensory or Surveillance Data, for example: voice-mails and recordings of meetings or video-conferences.
• § 1798.80: personal information described under Cal. Civ. Code § 1798.80 to the extent not already included in other categories here, such as benefit information to administer short and long-term benefits as well as other benefit plans.
• Preferences, for example, hobbies and leisure activities, membership in voluntary/charitable/public organizations, and preferences regarding work tools, travel, hours, food for company events, etc.
• Characteristics of Protected Classifications Under California or Federal Law for Employees, for example: race, age, national origin, disability, gender, and veteran status as necessary to comply with legal obligations and to support diversity and inclusion programs; disability, medical condition, and pregnancy, childbirth, breastfeeding, and related medical conditions, as necessary to comply with Federal and California law related to leaves of absence and accommodation; and marital and familial status as necessary to provide benefits to employees and for tax purposes. 
• Related Contacts. Company only collects contact information about emergency contacts.   Company may collect the following categories of personal information about spouses or domestic partners, dependents, and beneficiaries: (a) Identifiers; (b) Commercial Information if, for example, Company arranges travel for a dependent to attend a Company event; (c) Internet Activity Information if the individual uses Company electronic resources and web sites; (d) § 1798.80 personal information, such as insurance policy numbers if the individual is covered by Company insurance or health information, for example, infectious disease testing when a Related Contact attends a Company event; and (e) Protected Categories of Personal Information, for example, childbirth to administer parental leave, marital status to pay taxes, and familial status to administer benefits.  

Note on inferring characteristics: Company does not collect or process sensitive personal information or characteristics of protected classifications for the purpose of inferring characteristics about the HR Individual.  

2.  THE CATEGORIES OF SOURCES FROM WHICH WE COLLECT YOUR PERSONAL INFORMATION

We collect personal information from the following categories of sources.  Not all categories apply to every HR Individual.

• You, for example, in your job application, forms you fill out for us, assessments you complete, surveys you submit, and any information you provide us during the course of your relationship with us.
• Your spouse or dependent with respect to their own personal information.
• Vendors and service providers, for example, law firms or credentialing services provider.
• Affiliated companies, for example, when an employee works on a cross-enterprise team.
• Third parties, for example, job references, business partners, professional employer organizations or staffing agencies, insurance companies.
• Automated technologies on Company’s electronic resources, for example, to track logins and activity across Company network.
• Surveillance/recording technologies installed by Company, for example, video surveillance in common areas of Company facilities, global positioning system (“GPS”) technologies, voicemail technologies, webcams, audio recording technologies, and blue-tooth technologies, any of these with consent to the extent required by law.
• Government or administrative agencies, for example, law enforcement, public health authorities, California Department of Industrial Relations, Employment Development Department.

3.  THE PURPOSES FOR WHICH WE USE YOUR PERSONAL INFORMATION

A. General Purposes

We may use the personal information we collect for one or more of the following purposes:

• Fulfilling the purpose for which you provided the information or at your direction. For example, if you share your name and contact information to become an employee, we will use that personal information in connection with your employment or potential employment.
• Administering the employment relationship including, but not limited to, human resources administration, payroll processing, benefits administration, leave programs, corporate travel and other business expenses, timekeeping, managing work supplies, grievance or disciplinary matters, diversity and inclusion, ascertaining your fitness to work, drug and alcohol screening, worker’s compensation administration, occupational health surveillance, direct threat analysis, and facilitating employee communication and collaboration.
• Managing and/or analyzing all aspects of employee performance including, but not limited to, talent management, periodic reviews, performance tracking, promotions, retention, discipline, education, training and development, and data analytics.
• Administering the relationship with Non-Employee Workers, including, but not limited to, evaluating the Non-Employee Worker’s qualifications, negotiating and executing work contracts, orientation and familiarization with Company’s working environment, administering the contractual relationship including payments, facilitating communications, and workforce satisfaction.
• Administering the relationship with Related Contacts, including, but not limited to, communications, managing and administering benefits, and managing participation in Company events.
• Promoting Company and creating a positive environment in the workplace, including, but not limited to, planning and running Company events, conducting surveys, running contests, and supporting diversity, equity, and inclusion.
• Ensuring compliance with Company policies and applicable laws and regulations, including, but not limited to, developing and enforcing policies and procedures, authenticating your identity, conducting internal audits and investigations, administering Company’s whistleblower hotline, and preparing reports.
• Protecting health and safety of HR Individuals, visitors, customers, and the public, including, but not limited to, responding to medical emergencies, reducing the risk of exposure to infectious disease and preventing its spread in compliance with applicable laws and regulations, and protecting the safety and security of Company’s facilities.
• Managing the security and integrity of our information and electronic resources including, but not limited to, monitoring use of our electronic resources, preventing unauthorized access to our electronic resources, preventing malicious software distribution, debugging, audits, disaster recovery, business continuity, and cyber security.
• Running our business, including, but not limited to, customer service, project management, research, data analysis, and development, quality assurance and improvement, managing licenses, permits, and authorizations applicable to Company’s business operations, maintaining records, and efficiently managing and operating administrative, information technology, and communications systems, risk management and insurance functions, budgeting, financial management and reporting, and strategic planning.
• Providing, supporting, personalizing, and improving our website and online services relating to your prospective, current, or former employment or engagement.
• Protecting the rights or property of Company, including, but not limited to, detecting and prevent fraud or other types of wrongdoing, managing litigation involving Company, and other legal disputes and inquiries, crisis management, dispute resolution, reporting suspected criminal conduct to law enforcement and cooperating in investigations, short-term transient use of personal information, responding to requests or orders from governmental agencies, exercising Company’s rights under applicable law, and supporting any claim, defense, or declaration involving the Company in a case or before a jurisdictional and/or administrative authority, arbitration, or mediation panel.
• In connection with a corporate transaction, transfer, or assignment of assets, merger, divestiture, or other changes of control or our financial status or any of related subsidiaries or affiliates.

B. Purposes Specific To Certain Categories Of Employees’ Personal Information

We may use the categories of employees’ personal information listed in this Section 3.B for the purposes stated below:  

Purposes For Using Employees’ Health Information: 

• To the extent necessary to comply with Company’s legal obligations, such as to accommodate disabilities
• To conduct a direct threat analysis in accordance with the Americans with Disabilities Act and state law
• For workers’ compensation purposes
• For occupational health surveillance
• For occupational health and safety compliance and record-keeping
• To administer leaves of absence and sick time
• To provide a wellness program
• To respond to an employee’s medical emergency

Purposes For Using Employees’ Protected Categories Of Information:

Company collects information about race, age, national origin, disability, sex, and veteran status as necessary to comply with legal obligations, including the reporting requirements of the federal Equal Employment Opportunity Act, The Office of Federal Contracting Compliance Programs (applicable to government contractors), and California’s Fair Employment and Housing Act.  Company also collects information about disability status to the extent an employee may need special assistance during emergencies from Company or from first responders. 

Company also collects the following characteristics (in addition to those listed above) for its diversity and inclusion programs (including analytics): (a) religion, (b) sex, (c) gender, (d) pregnancy, (e) childbirth, (f) breastfeeding, or related medical conditions, (g) sexual orientation, (h) disability, (i) gender identity, (j) gender expression, (k) marital status, (l) age, (m) familial status, or (n) ancestry.

In addition, Company uses this personal information for purposes including: 

• with respect to disability, medical condition, familial status, marital status, and pregnancy, childbirth, breastfeeding, and related medical conditions: as necessary to comply with Federal and California law related to leaves of absence and accommodation; 
• with respect to military and veteran status: as necessary to comply with leave requirements under applicable law and for tax purposes; 
• with respect to age: incidentally to the use of birth date for birthday celebrations and identity verification; 
• with respect to religion and pregnancy, childbirth, breastfeeding, and related medical conditions: as necessary for accommodations under applicable law; 
• with respect to protected classifications, such as national origin: to the extent this information is contained in documents that you provide in I-9 documentation; and 
• with respect to marital status and familial status: for Company events and as necessary to provide benefits and for tax purposes.

Company collects personal information about membership in protected categories on a purely voluntary basis, except where required by law, and uses the information only in compliance with applicable laws and regulations.

C. Deidentified Information

At times, Company converts personal information into deidentified information using reasonable measures to ensure that the deidentified information cannot be associated with the individual (“Deidentified Information”).  Company maintains Deidentified Information in a deidentified form and does not attempt to reidentify it, except that Company may attempt to reidentify the information solely for the purpose of determining whether its deidentification processes ensure that the information cannot be associated with the individual.

4.  HOW WE MAY DISCLOSE YOUR PERSONAL INFORMATION 

Company generally maintains personal information related to HR Individuals as confidential.  However, from time to time, Company may have a legitimate business need to disclose personal information. In that event, Company discloses information within the categories of personal information listed in Section 1, above, only to the minimum extent necessary to achieve the purpose of the disclosure and only if the disclosure is permitted by the CPRA and other applicable laws.

Company may disclose personal information to the following additional categories of third parties although these disclosures may be for purposes in Section 3, above, other than a business or commercial purpose as defined by the CPRA:

• Your direction: We may disclose your personal information to third parties at your direction.
• Clients or customers: This may include, for example, disclosing a sales representative’s contact information to clients. 
• Affiliated companies: Other companies within the Group, for example, if you work on a cross-enterprise team. 
• Business partners: For example, Company might disclose your business contact information to a co-developer of a new product or service with which you will be working. 
• Government or administrative agencies: These may include, for example the Internal Revenue Service to pay taxes or the California Department of Industrial Relations as required to resolve workers’ compensation claims.
• Public: Company may disclose your personal information to the public as part of a press release, for example, to announce promotions or awards. If you do not want your personal information in press releases, please contact privacy@rula.com. Company does not disclose sensitive personal information to the public.
• Required Disclosures: We may be required to disclose personal information (a) in a court proceeding, (b) in response to a court order, subpoena, civil discovery request, other legal process, or (c) as otherwise required by law. 
• Legal Compliance and Protections: We may disclose personal information when we believe disclosure is necessary to comply with the law or to protect the rights, property, or safety of Company, HR Individuals, or others.

5.  HOW LONG WE KEEP YOUR PERSONAL INFORMATION

Company keeps your personal information for the entire duration of your employment relationship with Company and for as long thereafter as permitted or required by applicable law or regulation, by administrative needs, by legal process, or to exercise or defend legal claims. Company makes its document retention schedule available for review upon request. You may email us at privacy@rula.com to make a request.

6.  CHANGES TO THIS PRIVACY POLICY

If we change this Privacy Policy, we will post those changes on this page and update the Privacy Policy modification date above.

For More Information

For questions or concerns about Company’s privacy policies and practices, please contact us at privacy@rula.com.